Subject: Re: new lkm stuff ?
To: Jaromir Dolecek <dolecek@ics.muni.cz>
From: Michael Graff <explorer@flame.org>
List: current-users
Date: 08/28/1996 18:20:16
Jaromir Dolecek <dolecek@ics.muni.cz> writes:

> I know it's stupid question, but let me know ... Why should
> be lkm a security hole ? If all the modules executables would be on one
> place maintained by root. I know nothing about that, but just as i feel
> it won't be dangerous. Or am i wrong ?

On a secure system you don't want a simple way to modify the running kernel
or the next one to run (after a reboot for example)

This means you want to drop to single user mode, at the console, and install
a new kernel, but never ever let someone telnet in and modify the kernel
or an LKM.  But, if you are that worried you would need to secure more than
just the kernel.

IMHO, as NetBSD and the other *BSD's stand right now, a secure system is
something to wish for but not even close yet.

--Michael